rvmcmil at ...891...
Tue Oct 23 17:11:01 EDT 2001
I am having some problems capturing large packets. For example, I am
executing the following command on a Linux box
ping localhost -c 1 -s 30000
and snort gets the fragments OK, but if I do the following
ping localhost -c 1 -s 50000
I only get one.
If I do this
ping localhost -c 1 -s 60000
I get nothing. I am pretty sure it's a problem with libpcap > .6 because
tcpdump is behaving the same way. I happen to have an old binary of snort
1.7, which I must have compiled with another version of libpcap that
behaves as it should (gets all the fragments). Is there a way to tell what
version a snort binary was linked to? Like tcpdump -V ?
Is anyone else having such problems?